Slack icon Slack HackerOne

Target Policy
https://hackerone.com/slack?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • com.quip.quip

    Only accepting Critical reports 2023-12-01 to 2025-02-01.

    GOOGLE_PLAY_APP_ID
    critical
  • app.slack.com
    URL
    critical
  • slack-imgs.com
    URL
    critical
  • edgeapi.slack.com
    URL
    critical
  • spaces.pm
    URL
    critical
  • https://apps.apple.com/us/app/quip-docs-chat-sheets/id647922896

    Only accepting Critical reports as of 2023-12-01

    APPLE_STORE_APP_ID
    critical
  • com.slack.slackmdm

    Reports are accepted for vulnerabilities specific to the [Slack EMM/MDM version of the app](https://apps.apple.com/us/app/slack-for-emm/id1254292716).

    EMM client vulnerabilities in the absence of a valid MDM configuration via a supported MDM provider, (such as MobileIron), on an EMM-enabled Slack team are excluded.

    APPLE_STORE_APP_ID
    critical
  • com.tinyspeck.chatlyio

    The main Slack app is included: [Slack iOS App](https://apps.apple.com/us/app/slack/id618783545)

    Other versions of the app, such as the EMM and Intune versions, are not included.

    APPLE_STORE_APP_ID
    critical
  • slack-redir.net
    URL
    critical
  • slackhq.com

    This site runs on WordPress, so if you find vulnerabilities in the WordPress service, please see [WordPress bounty program](https://hackerone.com/wordpress) for reporting details

    URL
    none
  • status.slack.com

    The Slack status site

    URL
    none
  • slackb.com
    URL
    critical
  • www.quip.com

    Only accepting Critical reports as of 2023-12-01

    URL
    critical
  • 647922896

    itunes.apple.com/us/app/quip-docs-chat-sheets/id647922896

    APPLE_STORE_APP_ID
    critical
  • com.Slack
    GOOGLE_PLAY_APP_ID
    critical
  • Slack Desktop Application
    OTHER
    critical
  • slackatwork.com
    URL
    critical
  • slack.com

    The slack.com site and application.

    URL
    critical
  • *.quip.com

    Only accepting Critical reports as of 2023-12-01

    URL
    critical
  • https://github.com/slackhq/nebula

    Only Critical reports will be accepted and paid

    SOURCE_CODE
    critical
  • api.slack.com

    The Slack API

    URL
    critical
  • https://salesforce.quip.com/blog/desktop
    DOWNLOADABLE_EXECUTABLES
    critical
  • slack-status.com
    URL
    critical
Target Scope Domains
  • api.slack.com
  • app.slack.com
  • edgeapi.slack.com
  • quip.com
  • slack-imgs.com
  • slack-redir.net
  • slack-status.com
  • slack.com
  • slackatwork.com
  • slackb.com
  • spaces.pm
  • www.quip.com
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-dnsenum-threaded
allsubs
1 week, 4 days ago
Finished
auto-dnsenum-threaded
  • Fleet: allsubs
  • Duration: 9.83 Minutes
  • Finished: 1 week, 4 days ago